First published: Wed Jun 03 2020(Updated: )
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Naviwebs Navigate CMS | <=2.8.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-13798 is a vulnerability in Navigate CMS through 2.8.7 that allows for cross-site scripting (XSS) attacks.
CVE-2020-13798 has a severity rating of 6.1 (medium).
CVE-2020-13798 occurs due to a lack of purify calls in lib/packages/feeds/feed.class.php in Navigate CMS.
Navigate CMS versions up to and including 2.8.7 are affected by CVE-2020-13798.
To fix CVE-2020-13798, it is recommended to update Navigate CMS to a version that includes the fix, such as version 2.8.8 or later.